On Sun, Nov 24, 2019 at 11:38:53AM -0600, Eric Sandeen wrote: > On 11/24/19 10:40 AM, Darrick J. Wong wrote: > > On Sun, Nov 24, 2019 at 11:13:09AM +0200, Alex Lyakas wrote: > > ... > > >>>> With the suggested patch, xfs repair is working properly also when mount-provided sunit/swidth are different. > >>>> > >>>> However, I am not sure whether this is the proper approach. > >>>> Otherwise, should we not allow specifying different sunit/swidth > >>>> during mount? > > > > I propose a (somewhat) different solution to this problem: > > > > Port to libxfs the code that determines where mkfs/repair expect the > > root inode. Whenever we want to update the geometry information in the > > superblock from mount options, we can test the new ones to see if that > > would cause sb_rootino to change. If there's no change, we update > > everything like we do now. If it would change, either we run with those > > parameters incore only (which I think is possible for su/sw?) or refuse > > them (because corruption is bad). > > > > This way we don't lose the su/sw updating behavior we have now, and we > > also gain the ability to shut down an entire class of accidental sb > > geometry corruptions. > Indeed, I was thinking about something similar with regard to validation. ISTM that we either need some form of runtime validation... > I also wonder if we should be putting so much weight on the root inode > location in repair, or if we could get away with other consistency checks > to be sure it's legit, since we've always been able to move the > "expected" Location. > ... or to fix xfs_repair. ;) Fixing the latter seems ideal to me, but I'm not sure how involved that is compared to a runtime fix. Clearly the existing repair check is not a sufficient corruption check on its own. Perhaps we could validate the inode pointed to by the superblock in general and if that survives, verify it looks like a root directory..? The unexpected location thing could still be a (i.e. bad alignment) warning, but that's probably a separate topic. I'm not opposed to changing runtime behavior even with a repair fix, fwiw. I wonder if conditionally updating the superblock is the right behavior as it might be either too subtle for users or too disruptive if some appliance out there happens to use a mount cycle to update su/sw. Failing the mount seems preferable, but raises similar questions wrt to changing behavior. Yes, it is corruption otherwise, but unless I'm missing something it seems like a pretty rare corner case (e.g. how many people change alignment like this? of those that do, how many ever run xfs_repair?). To me, the ideal behavior is for mount options to always dictate runtime behavior and for a separate admin tool or script to make persistent changes (with associated validation) to the superblock. Brian
